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REMARKS 

Firstly, applicant's undersigned attorney wants to thank the Examiner for 
the opportunity to have discussed the subject application with him in a telephone 
interview. 

Claims 1 and 18 have been rejected under 35 U.S.C. §1 03(a) as being 
anticipated by the previously cited Bendinelli et al. published patent application in 
view of the previously cited Rabenko et al. patent in further in view of the newly 
cited Ylonen patent. Claims 1 and 18 have been amended above, including a 
typographical correction. Claims 7 and 22 have been cancelled. 

Bendinelli does not disclose "a secure tunnel that has created between a 
first endpoint and a second endpoint on a packet network which traverses at 
least one network address translator (NAT) In Bendinelli, the secure IPSec 
tunnel is terminated between gateways that include an embedded NAT. 
Bendinelli does not support a configuration where the NAT (gateway) is not 
trusted by the endpoints. Thus for example, in Bendinelli, if an company 
employee is away from his office on business and connects his client terminal to 
his company's central computer through a hotel or airport gateway, all packets 
sent from his client terminal would not be secure and could be accessed at the 
gateway. Thus, in Bendinelli, if the gateway is not trusted and is operated 
independently of the endpoints, the security afforded by the secure tunnel 
between gateways does not provide end-to-end security since the secure tunnel 
does not extend to the endpoints. In Bendinelli, only if the gateways are "trusted" 
to the endpoints and working dependency with the gateways, could end-to-end 
security be assured to packets being transmitted between the endpoints. 
Applicant's amended claim 1 that indicates a NAT "functioning independently of 
the first and second endpoints" and a secure tunnel "between a first endpoint and 
a second endpoint on a packet network which traverses at least one network 
address translator (NAT)" are not disclosed or suggested by Bendinelli. 

The Examiner cites Ylonen for "performing] mappings on the SPI values 
in the packet." VPN Masquerade does not change SPI values. In applicant's 
claimed invention, the NAT "notes but does not change a packet's security 
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identifier" and uses that security identifier in heuristically translating between 
global addresses and private addresses. In fact, in VPN Masquerade, if the SPI 
were changed along its path, a packet would be discarded at its destination since 
the cryptographic checksum would no longer be correct. In Ylonen, the SPI 
values are clearly changed and probes are inserted at endpoints so that the 
endpoints can discover and compensate for SPI changes. Without changing the 
SPI, however, using VPN Masquerade can result in collisions and race 
conditions, as detailed in the specification, which the claimed invention eliminates 
or provides recovery there from. 

In Rabenko, a gateway inserts packets purported to be from a first 
endpoint to make a second endpoint complete the handshake without a costly 
timeout. The NAT implementing VPN Masquerade does not insert packets and, 
in fact, it would be unable to do so since in a secure protocol, the gateway (NAT) 
does not have the cryptographic key necessary for inserting a packet that the 
second endpoint would be able to authenticate as being from the first endpoint. 

For the reasons above, independent claims 1 and 18 are believed not to 
be anticipated by the combination of the cited references, and are thus believed 
to be allowable, as are their dependent claims. 
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In view of the foregoing, allowance of all the claims presently in the 
application and passage to issue of the subject application is respectfully 
requested. If the Examiner should feel that the application is not yet in a 
condition for allowance and that a telephone interview would be useful, he is 
invited to contact applicants' undersigned attorney at 973, 386-8252. 
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